Merge pull request #16696 from MicrosoftDocs/main
Published main to live, Tuesday 10:30 AM PST, 11/19
padmagit77 authored Nov 19, 2024
2 parents fc3067f + a623807 commit c8fa5a1
Showing 6 changed files with 26 additions and 15 deletions.
12 changes: 8 additions & 4 deletions windows-365/enterprise/create-azure-network-connection.md
Expand Up @@ -7,7 +7,7 @@ keywords:
author: ErikjeMS
ms.author: erikje
manager: dougeby
ms.date: 10/30/2024
ms.date: 11/19/2024
ms.topic: how-to
ms.service: windows-365
ms.subservice: windows-365-enterprise
Expand Down Expand Up @@ -55,8 +55,6 @@ To create an ANC, you must meet these requirements:

When planning your ANC VNets with ExpressRoute as the on-premises connectivity model, refer to [Azure’s documentation on VM limits](/azure/expressroute/expressroute-about-virtual-network-gateways#performance-results). For the ExpressRoute Gateway SKU, make sure that you have the correct sized Gateway for the number of Cloud PCs planned within the VNet. Exceeding this limit could cause instability in your connectivity.

*******

## Create an ANC

1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Devices** > **Windows 365** (under **Provisioning**) > **Azure network connection** > **Create**.
Expand All @@ -69,7 +67,13 @@ When planning your ANC VNets with ExpressRoute as the on-premises connectivity m
![Screenshot of Name field](./media/create-azure-network-connection/connection-name.png)

4. Select a **Subscription** and **Resource group** for the new connection. Create a new resource group to contain your Cloud PC resources. Optionally, you can instead select an existing resource group in the list (which grant Windows 365 permissions to the existing resource group). If you don’t have a [healthy ANC](health-checks.md), you can't proceed.
5. Select a **Virtual network** and **Subnet**.
5. Select a **Virtual network** and **Subnet**. When selecting a vNET:

- To maintain a stable and performant connection, make sure the vNET is in the region closest to the Windows 365 users.
- Make sure there are enough IP addresses in the vNET subnet to accommodate all required Cloud PCs. Also, consider future growth and [resizing](resize-cloud-pc.md) needs.
- Make sure the vNET has line of sight to a domain controller. This line of sight is required for initial provisioning and successful sign in for hybrid joined Cloud PCs.
- Make sure all [required endpoints](requirements-network.md) are allowed through the vNET and aren't blocked by any firewall, proxy, or Software Gateways.

6. Select **Next**.
7. For hybrid Microsoft Entra join ANCs, on the **AD domain** page, provide the following information:

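Review bot: The new bullets under step 5 spell the term "vNET", while the unchanged ExpressRoute paragraph earlier in this file uses "VNet" and "VNets"; pick one spelling for the article, preferably the existing "VNet". In the last bullet, "Software Gateways" is capitalized like a product name although it sits next to the generic "firewall" and "proxy", so lowercase it or name the product. The domain controller bullet applies to hybrid joined Cloud PCs only, so consider saying that at the start of the bullet rather than at the end of its second sentence.
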
Expand Up @@ -70,6 +70,7 @@ The following features aren't yet supported for Windows 365 GCC or GCC High.
- Bulk Troubleshoot action
- RDP Shortpath for public networks via TURN
- Windows 365 Link
- Configure client device redirection for Windows App on iOS/iPadOS/Android using Intune

## Next steps

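Review bot: The list entry "Configure client device redirection for Windows App on iOS/iPadOS/Android using Intune" does not match the heading this same commit adds to whats-new.md, which reads "Configure client device redirection settings ... using Microsoft Intune". Use one feature name in both places so readers on GCC or GCC High can match the unsupported item to its announcement, and consider linking the entry to /azure/virtual-desktop/client-device-redirection-intune as the what's new text does.
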
6 changes: 6 additions & 0 deletions windows-365/enterprise/whats-new.md
Expand Up @@ -65,6 +65,12 @@ For more information about public preview items, see [Public preview in Windows

Windows 365 Frontline in shared mode gives you the ability to provision a collection of Cloud PCs that can be used across multiple users mapped to a Microsoft Entra ID group. One active Cloud PC is permitted per license. For more information, see [Windows 365 Frontline in shared mode](introduction-windows-365-frontline.md#windows-365-frontline-in-shared-mode-preview).

#### Configure client device redirection settings for Windows App on iOS/iPadOS/Android using Microsoft Intune<!--51893843-->

You can now use Microsoft Intune Mobile Application Management to check for device posture and manage redirections for Windows App on iOS, iPadOS, and Android (preview). You can use Microsoft Intune on both corporate managed and personal devices.

For more information, see [Configure client device redirection settings for Windows App and the Remote Desktop app using Microsoft Intune](/azure/virtual-desktop/client-device-redirection-intune).

<!-- ########################## -->
## Week of October 28, 2024 (Service release 2410)

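Review bot: In the new paragraph, "(preview)" sits directly after "Android", so it is unclear whether only Android or the whole capability is in preview, and the heading carries no preview marker either; state the preview scope explicitly. The paragraph also mentions checking device posture, which the heading (redirection settings only) does not cover. This commit lists the same feature as not yet supported for GCC or GCC High in another file, so a short availability sentence here would keep the two pages consistent.
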
14 changes: 7 additions & 7 deletions windows-365/link/conditional-access-policies-synchronize.md
Expand Up @@ -31,24 +31,24 @@ ms.collection:

# Conditional Access policies for Windows 365 Link

As part of [setting up your organization's environment to support Windows 365 Link](deployment-overview.md), you must make sure that your organization's sign-in and connection (if any) Conditional Access (CA) policies are synchronized. If CA is used to protect the resources used to access Windows 365 Cloud PCs, a matching policy must also be used to protect the user action to register or join devices.
As part of [setting up your organization's environment to support Windows 365 Link](deployment-overview.md), you must make sure that your organization's sign-in and connection (if any) Conditional Access policies are synchronized. If Conditional Access is used to protect the resources used to access Windows 365 Cloud PCs, a matching policy must also be used to protect the user action to register or join devices.

## Authentication process for Windows 365 Link devices

1. When the user signs in on the Windows 365 Link interactive **Sign in** screen, their account is authenticated against the device registration service.
2. Windows 365 Link silently authenticates against the other required cloud resources (like Microsoft Graph and the Windows 365 service by using single sign-on (SSO)).

## Create CA policies to synchronize sign in and connection authentication
## Create Conditional Access policies to synchronize sign in and connection authentication

If CA policies enforcing multi-factor authentication (MFA) are used to protect the resources used to access Windows 365 Cloud PCs, you must create a CA policy enforcing MFA on the user action to register or join devices. This second policy must make sure the user's authentication token has the right MFA claims after the initial sign in to Windows 365 Link.
If Conditional Access policies enforcing multifactor authentication (MFA) are used to protect the resources used to access Windows 365 Cloud PCs, you must create a Conditional Access policy enforcing MFA on the user action to register or join devices. This second policy must make sure the user's authentication token has the right MFA claims after the initial sign in to Windows 365 Link.

Also review any existing CA policies that apply to **All resources**. These policies trigger when connecting but not at sign in. Use the [What If tool](/entra/identity/conditional-access/what-if-tool) to help determine what CA policies are applied.
Also review any existing Conditional Access policies that apply to **All resources**. These policies trigger when connecting but not at sign in. Use the [What If tool](/entra/identity/conditional-access/what-if-tool) to help determine what Conditional Access policies are applied.

For more information about creating CA policies for user actions to register or join devices, see [Create a Conditional Access policy](/entra/identity/conditional-access/policy-all-users-device-registration#create-a-conditional-access-policy).
For more information about creating Conditional Access policies for user actions to register or join devices, see [Create a Conditional Access policy](/entra/identity/conditional-access/policy-all-users-device-registration#create-a-conditional-access-policy).

For more information about creating CA policies for resources used for Windows 365, see [Set Conditional Access policies](../enterprise/set-conditional-access-policies.md).
For more information about creating Conditional Access policies for resources used for Windows 365, see [Set Conditional Access policies](../enterprise/set-conditional-access-policies.md).

For more information about CA and user actions, see [User actions](/entra/identity/conditional-access/concept-conditional-access-cloud-apps#user-actions).
For more information about Conditional Access and user actions, see [User actions](/entra/identity/conditional-access/concept-conditional-access-cloud-apps#user-actions).

<!-- ########################## -->
## Next steps
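
Review bot: The renamed heading "Create Conditional Access policies to synchronize sign in and connection authentication" uses "sign in" as a modifier, while the intro paragraph in this hunk writes "sign-in and connection"; hyphenate the heading to match. While this section is open, the unchanged step 2 has a misplaced parenthesis: "(like Microsoft Graph and the Windows 365 service by using single sign-on (SSO))" should close after "service" so that "by using single sign-on (SSO)" describes how the device authenticates.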
4 changes: 2 additions & 2 deletions windows-365/link/requirements.md
Expand Up @@ -71,7 +71,7 @@ To [configure SSO](../enterprise/configure-single-sign-on.md), use either of the

After SSO is enabled, Windows 365 Link devices can be used to connect to those Cloud PCs. For more information, see [Configure single sign-on for Windows 365 using Microsoft Entra authentication](../enterprise/configure-single-sign-on.md).

### Conditional access
### Conditional Access

If you're using Conditional Access to protect access to Cloud PC, make sure to include the SSO Cloud App resource in the target resources of those Conditional Access policies.

Expand All @@ -88,4 +88,4 @@ Also consider suppressing the SSO Consent Prompt by configuring the SSO on servi
<!-- ########################## -->
## Next steps

[Join Windows 365 Link devices to Microsoft Entra ID](join-microsoft-entra.md).
[Join Windows 365 Link devices to Microsoft Entra ID](join-microsoft-entra.md).
4 changes: 2 additions & 2 deletions windows-365/link/whats-in-the-box.md
Expand Up @@ -91,9 +91,9 @@ USB and Bluetooth support for:

## Software

The Windows 365 Link comes pre-installed with the X operating system.
The Windows 365 Link comes pre-installed with the Windows CPC operating system.

Operating system updates occur automatically during off hours. To get these upadates, make sure the device is plugged in and powered on (in standby or sleep mode).
Operating system updates occur automatically during off hours. To get these updates, make sure the device is plugged in and powered on (in standby or sleep mode).

## Wireless support

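Review bot: The replacement sentence under "## Software" introduces "Windows CPC" without expanding or linking it, and nothing else in the visible lines defines it; spell out the name on first use or link to the page that describes it. "pre-installed" could also become "preinstalled", in line with the "multi-factor" to "multifactor" change made elsewhere in this commit.
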